<?php

  if( is_null( $_SESSION[ 'secure_user_session' ] ) or strlen( $_SESSION[ 'secure_user_session' ] ) == 0 )
  {
    //print 'debug2.1<br>';

    if( strlen( $_REQUEST[ 'user_name' ] ) > 0 and strlen( $_REQUEST[ 'password' ] ) > 0 )
    {
      //print 'debug2.2<br>';

      if( validateUser( $_REQUEST[ 'user_name' ], $_REQUEST[ 'password' ] ) > 0 )
      {
        //print 'debug2.3<br>';
      }
    }
    else
    {
      //print 'hello<br><br>';
    }
  }
  else
  {
    if( $command == 'logout' )
    {
      $_SESSION[ 'secure_user_session' ] = '';
    }
  }


  function determineAccess( $iRequestedLevel, $sSessionID )
  {

    //decode session id to a level here
    $iCurrentLevel = decodeSessionID( $sSessionID );

    if( $iCurrentLevel >= $iRequestedLevel  )
    {
      return 1;
    }
    else
    {
      return 0;
    }
  }

  function validateUser( $sUserName, $sPassword )
  {
    if( strlen( $sUserName ) > 0 && strlen( $sPassword ) > 0 )
    {
      /* Performing SQL query */
      $query = " SELECT * FROM secure_user su, customer c " .
               " where su.user_name = '" . $sUserName . "'" .
               " and su.password = '" . $sPassword . "'" .
               " and su.secure_user_id = c.secure_user_id";

      //print $query . "<br><br>";
      $result = mysql_query($query) or die("Validate User Query failed");

      //print 'debug-1<br>';

      if( $row = mysql_fetch_array($result, MYSQL_ASSOC) )
      {
        //print 'debug1<br>';

        $_SESSION[ 'secure_user_id' ] = $row['secure_user_id'];
        $_SESSION[ 'secure_user_session' ] = $row['user_name'];
        $_SESSION[ 'secure_user_level' ] = $row['level'];
        $_SESSION[ 'customer_id' ] = $row['customer_id'];


        return $row['level'];
      }
      //print 'debug2<br>';
    }

    //print 'debug3<br>';
    return -1;

  }

  function generateSessionID( $iLevel )
  {
    return $iLevel;
  }

  function decodeSessionID( $sSessionID )
  {
    return $sSessionID;
  }

  function grantAccess( $iRequestedLevel )
  {
    $bGiveAccess = false;
    $iTransposed = 0 - $iRequestedLevel;

    $binDecodedLevel = base_convert($_SESSION[ 'secure_user_level' ], 10, 2);

    //doing this so that the substring function works correctly
    //probably a better way
    $binDecodedLevel = '0000000000' . $binDecodedLevel;
    
    //alert( 'secure_user_level: ' . $_SESSION[ 'secure_user_level' ]);

    //alert( 'level: ' . $iTransposed. ' binDecodedLevel: ' . $binDecodedLevel . ' substr' . substr( $binDecodedLevel, $iTransposed, 1 ) );

    //alert( "iTransposed: " . $iTransposed . " binDecodedLevel: " . $binDecodedLevel );

    if( substr( $binDecodedLevel, $iTransposed, 1 ) == '1' )
    {
      $bGiveAccess = true;
    }

    return $bGiveAccess;
  }

  function getPassword()
  {
    $query = " SELECT * FROM secure_user su, customer c " .
             " where su.user_name = '" . $_SESSION[ 'secure_user_session' ] . "'";

    //print $query . "<br><br>";
    $result = mysql_query($query) or die("Validate User Query failed");

    if( $row = mysql_fetch_array($result, MYSQL_ASSOC) )
    {
      return $row[ 'password' ];
    }
  }

  if( $_GET[ 'command' ] == 'logout' )
  {
    $_SESSION[ 'secure_user_session' ] = '';
    $_SESSION[ 'secure_user_id' ] = '';
    $_SESSION[ 'secure_user_level' ] = '';
    $_SESSION[ 'customer_id' ] = '';
  }

?>